fix a bug that prevents launch-time passphrases w/ cred plugins

with the advent of credential plugins there's no way for us to *actually know* the RSA key value at the time the credential is _created_, because the order of operations is: 1. Create the credential with a specified passphrase 2. Associate a new dynamic inventory source pointed at some third party provider (hashi, cyberark, etc...) this commit removes the code that warns you about an extraneous passphrase (if you don't specify a private key) additionally, the code for determining whether or not a credential _requires_ a password/phrase at launch time has been updated to test private key validity based on the *actual* value from the third party provider see: #4791
ansible · Sep 26, 2019 · d30d51d · d30d51d
1 parent 693e588
commit d30d51d
Show file tree

Hide file tree

Showing 3 changed files with 1 addition and 12 deletions.
diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py
@@ -151,7 +151,7 @@ def needs_ssh_password(self):
     @property
     def has_encrypted_ssh_key_data(self):
         try:
-            ssh_key_data = decrypt_field(self, 'ssh_key_data')
+            ssh_key_data = self.get_input('ssh_key_data')
         except AttributeError:
             return False
 
@@ -633,9 +633,6 @@ def create(self):
             'secret': True,
             'ask_at_runtime': True
         }],
-        'dependencies': {
-            'ssh_key_unlock': ['ssh_key_data'],
-        }
     }
 )
 
@@ -667,9 +664,6 @@ def create(self):
             'type': 'string',
             'secret': True
         }],
-        'dependencies': {
-            'ssh_key_unlock': ['ssh_key_data'],
-        }
     }
 )
 
@@ -738,7 +732,6 @@ def create(self):
             'secret': True,
         }],
         'dependencies': {
-            'ssh_key_unlock': ['ssh_key_data'],
             'authorize_password': ['authorize'],
         },
         'required': ['username'],

diff --git a/awx/main/tests/functional/api/test_credential.py b/awx/main/tests/functional/api/test_credential.py
@@ -496,9 +496,6 @@ def test_falsey_field_data(get, post, organization, admin, field_value):
 
 @pytest.mark.django_db
 @pytest.mark.parametrize('kind, extraneous', [
-    ['ssh', 'ssh_key_unlock'],
-    ['scm', 'ssh_key_unlock'],
-    ['net', 'ssh_key_unlock'],
     ['net', 'authorize_password'],
 ])
 def test_field_dependencies(get, post, organization, admin, kind, extraneous):

diff --git a/awx/main/tests/functional/test_credential.py b/awx/main/tests/functional/test_credential.py
@@ -137,7 +137,6 @@ def test_credential_creation(organization_factory):
     [PKCS8_PRIVATE_KEY, None, True],  # unencrypted PKCS8 key, no unlock pass
     [PKCS8_PRIVATE_KEY, 'passme', False],  # unencrypted PKCS8 key, unlock pass
     [None, None, True],  # no key, no unlock pass
-    [None, 'super-secret', False],  # no key, unlock pass
     ['INVALID-KEY-DATA', None, False],  # invalid key data
     [EXAMPLE_PRIVATE_KEY.replace('=', '\u003d'), None, True],  # automatically fix JSON-encoded GCE keys
 ])